[syslog-ng] rewrite in syslog-ng

Wilson, Jonathan L jonathan.wilson at vumc.org
Thu Sep 12 11:49:18 UTC 2024


Running OSE version 3.38.1 and having difficulty with a rewrite rule.

The logs that I'm trying to modify look like:

2024-09-12T06:39:31-05:00 hostname kernel: [*09/12/2024 11:39:31.9055] bwar: [7649:I:CN_ML] ...

What I am trying to do is remove the extra timestamp in square brackets (the first field in square brackets above).

My rewrite rule looks like:

rewrite r_bracketed_ts {
    subst( '^[.+]\s', '', type(pcre), value("MESSAGE"));
};

It is invoked from this log statement:

log {
    source(s_BSD_UDP_514);
    filter(f_something);
    rewrite(r_bracketed_ts);
    destination(d_something);
    flags(final,flow-control);
};


The problem is that the rewrite appears to do nothing; log entries come out unmodified. Am I missing something?

Thank you -
Jon Wilson
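
An added example, not part of the original post: it runs the posted pattern and two escaped variants against the quoted log line, to show which ones match and how much text each one removes. It assumes syslog-ng parsed "kernel:" into PROGRAM so that MESSAGE begins at the first "["; the names MESSAGE, PATTERNS, rewrite and report are hypothetical, and Python's re module is used because it agrees with PCRE on these constructs.

```python
import re

# Constructed sample: the MESSAGE part of the log line quoted in the post,
# under the assumption that MESSAGE starts at the bracketed timestamp.
MESSAGE = "[*09/12/2024 11:39:31.9055] bwar: [7649:I:CN_ML] ..."

PATTERNS = {
    # As posted: unescaped [.+] is a character class meaning one '.' or one '+',
    # so the pattern needs the message to start with '.' or '+' plus whitespace.
    "posted": r"^[.+]\s",
    # Literal brackets, but greedy .+ extends to the LAST "] " in the message,
    # which also deletes "bwar: [7649:I:CN_ML] " from the stored log.
    "escaped_greedy": r"^\[.+\]\s",
    # Literal brackets with a negated class: stops at the first closing bracket.
    "escaped_bounded": r"^\[[^\]]+\]\s",
}


def rewrite(pattern, message):
    """Mimic subst(pattern, '') without the global flag: first match only."""
    return re.sub(pattern, "", message, count=1)


def report(message=MESSAGE):
    """Return the rewritten message for every candidate pattern."""
    return {name: rewrite(p, message) for name, p in PATTERNS.items()}


if __name__ == "__main__":
    for name, out in report().items():
        changed = "changed" if out != MESSAGE else "unchanged"
        print(f"{name:16} {changed:10} {out!r}")
```

The greedy variant is the one to watch for in a log pipeline, since it silently drops content that later filters or detections may depend on.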
